Covert redirect is a structural vulnerability in OAuth-based protocols. It was widely publicized in early May. Identity and security experts had long known about it, but don’t have an easy fix. Once the media learned covert redirect isn’t as serious…

As the morning dawns on the Mountain View Computer History Museum in California, the Internet Identity Workshop (IIW) will begin and I’ll propose an “unconference” session on OAuth assurance. As some of you know and others may see from the…

I recently developed a “history of federated identity” diagram and marveled at how it was similar, in many ways, to slides I created while working at Burton Group in 2004. Let’s take a look at a few diagrams and see…

We founded and ran the Burton Group identity management and security consulting practices, closely mapped to Reference Architecture decision support frameworks. After performing hundreds of engagements for Global 1000 companies, universities and government entities, we now bring our expertise and industry connections to Security Architects Partners and its clients.

Our mission is to deliver high-quality security consulting and education services to enterprise security clients within commercial organizations, higher education, government and solution provider environments through a team of expert and trusted security architects.